/srv/irclogs.ubuntu.com/2021/06/10/#snappy.txt

=== jamesh_ is now known as jamesh
=== not_phunyguy is now known as phunyguy
=== not_phunyguy is now known as phunyguy
mborzeckimorning05:22
mborzeckimardy: hey'06:02
mardymborzecki: hi!06:04
mardymborzecki: I'm struggling with writing a unit test. I don't understand how to do mocking in Go... and on the interwebs I can't find anything useful06:06
mardyI found this: https://stackoverflow.com/questions/36688872/golang-test-mock-functions-best-practices, but still doesn't answer the main question (if you search for "mardy" in the page you'll find the question I just added)06:06
mardythey all explain how to mock a function or an interface, but not how to mock a package06:07
mborzeckimardy: quich chat maybe?06:11
mborzeckiand you can share your screen then06:11
mardyoh, thanks, sure06:14
mardymborzecki: sent you an invite06:16
mborzeckimvo: hey06:30
mvogood morning mborzecki 06:32
zyga-mbpgood morning06:46
zyga-mbpmvo: hey :-)06:46
zyga-mbphow are you doing?06:46
mvogood morning zyga-mbp ! I'm good, thank you06:46
zyga-mbpmvo: I'm working on something that could be useful for you when completed: a way to run spread tasks against a lava installation06:48
zyga-mbpmvo: lava supports quite a lot of devices for automation, so it might be an alternative to test flinger 06:48
zyga-mbpmvo: we should have it working in a week or two06:49
mvozyga-mbp: nice! do we use that in our cert lab too?06:49
zyga-mbpmvo: I don't know, even if it's really apt-get install away to get working, there's some initial config (admin user, register devices) but it could be something to consider especially if the target board is supported already06:50
zyga-mbpmvo: and plars has long linaro history so it's not entirely foreign06:50
zyga-mbpmvo: anyway, for us it's a way to have one infra layer for linux and zephyr 06:51
mvozyga-mbp: cool, I guess I shall talk to plars (?)06:51
zyga-mbpmvo: while being able to use spread locally during development and in CI 06:51
mvozyga-mbp: neato06:51
zyga-mbpmvo: for linux at least, zephyr is a big unknown for now :)06:51
zyga-mbpmvo: cool, I'll let you guys know when it's working06:51
zyga-mbpmvo: if you want to see any of the patches and have a chance to review we can do that too, but I don't know if you have the time to invest in that activity 06:52
zyga-mbpmvo: we literally just have the first two patches up for review06:52
mborzeckizyga-mbp: prs to spread upstream?06:53
zyga-mbpmborzecki: sure but I'm still waiting on the small PR to unbreak tests06:54
zyga-mbpI have patches that fix go 1.6 support, make go vet happy06:54
zyga-mbpI can all post those but really, someone has to review 06:54
mvozyga-mbp: I organized a review meeting for monday, I hope to land some of the pending spread PRs then06:54
zyga-mbpmvo: oh that's cool06:54
zyga-mbpmvo: next monday?06:54
zyga-mbpI can post more then06:54
mvozyga-mbp: let's see how this goes06:54
zyga-mbpcool, thank you for organizing that!06:54
zyga-mbpI will post everything I have that's relevant 06:55
mvozyga-mbp: my pleasure06:55
zyga-mbpwoot, that's great06:55
pstolowskimorning07:05
mvogood morning pstolowski 07:13
zyga-mbpgood morning pedronis :)07:15
cachio_mborzecki, hi, tumbleweed is failing to build https://github.com/snapcore/snapd/pull/10367/checks?check_run_id=2794258646#step:5:356814:37
cachio_any idea about how to fix it?14:37
mborzeckicachio_: hm looks weird, the builds on OBS are green, although the last rebuild was 3 days ago14:59
=== sil2100_ is now known as sil2100
mborzeckipedronis: opened https://github.com/snapcore/snapd/pull/10377 which should be fairly easy to land15:08
pedronismborzecki: thx15:10
* cachio_ lunch16:02
pedronisijohnson[m]: https://github.com/snapcore/snapd/pull/10266 is ready for re-reviews I think16:07
ijohnson[m]pedronis: ack will add it back to my queue16:08
pedronisthx16:12
mvocould someone do a quick double check at 10378, I need a +1 for merging16:18
ijohnson[m]mvo: looking now16:18
mvota16:18
ijohnson[m]mvo: approved16:20
dob1hi, hy a snap application cannot enter a directory mounted via autofs ?  it gives me permission problem with all snap applications while I have no problem to access that dir with my user via terminal/other application16:31
dob1I get this error  Error creating IO channel for /proc/self/mountinfo: Permission denied (g-file-error-quark, 2)16:31
dob1ah because snap apps can only access home dir?16:35
dob1https://askubuntu.com/a/1033617     why this limitation?  it makes no sense....16:36
ijohnson[m]dob1: snaps need to be given permission to access files through interfaces, the mount-observe interface would give access to /proc/self/mountinfo IIRC16:36
dob1ijohnson[m], and how?16:37
ijohnson[m]dob1: are you building your own snap or are you using someone else's snap ?16:38
dob1someone else16:38
ijohnson[m]dob1: you can check if the snap has the mount-observe interface plug defined with `snap connections <name-of-snap>`, if it shows up then all you need to do is `snap connect <snap-name>:mount-observer`16:38
ijohnson[m]s/mount-observer/mount-observe16:39
dob1ijohnson[m], it's not16:40
dob1let me say, not to critic the work of someone else, but it's so complicated ... why ? in 2021 I just want to access a file other that my home dir....16:40
ijohnson[m]dob1: then you need to ask the publisher to add that connection to their snap, you should be able to contact them if you look at `snap info <snap-name> | grep contact`16:42
dob1ijohnson[m], why there is a such limitation by default?16:53
ogradob1, because everyone can upload and create snaps in the store the apps run in a confined space 16:55
ogradob1, the interfaces allow you as a user to decide if you trust the app enough to give it permissions to access info, hardware or places of your system16:56
ogra(imagine IOS or android apps)16:57
dob1well it's not the same16:57
ograsadly the author of your app did not add the interface plug you need here 16:58
dob1ios and android apps (more ios ones) are checked by apple and google before user can use them from app/play store16:58
ograthe same happens with snap apps16:58
ograthey run through a ton of automatic checks on upload16:58
dob1that's fine then16:58
ograthe difference is that n IOS or android you get a popup asking you for the permissions when the app tries to access i.e. your GPS16:59
ograsnaps do not have that integration yet 16:59
ograso you need to come here and ask 🙂16:59
ograand then ask the snap developer to add the missing plug 17:00
RzRthe other option would be to let user define forbiden interfaces and let the application deal with this17:00
dob1this application is a mp3 player, it makes sense that I want to load my mp3s from another location than my home.... 17:00
ograeventualy snaps will also ask about the permissions interactively ....17:00
RzRor let user define granted paths for app (ie: ~/Music by default)17:01
ograwell, most player apps tat need this have the removable-media plug ... if yu connect it it will give you access to /mnt and /media where i.e. usb disks get automounted17:01
ogradoes "snap connections <the app you have>" list removable-media  ?17:02
dob1ogra, it lists this one17:02
ogratry mounting your disk in media or mnt ... and use snap connect to connect the interface 17:03
ograthat should get you going17:03
ograRzR, ~/Music is included in the home interface 17:03
dob1ogra, I installed another app in the meanwhile, no problem.  I was just considering how this system works.  I am used to just apt 17:03
ograyeah 🙂17:04
ograsnaps are closer to mobile or tablet apps than to apr/rpm 17:04
ogra*apt17:04
RzRogra, but maybe user want to not expose ~/Documents 17:04
ograalso incuded in home17:04
ograoh that ...17:05
ograyeah ... we dont have such fine grained management yet17:05
dob1ogra, the idea of permissions make sense, it's not as you said user friendly but as RzR said it would be nice that the user can add any permission he wants17:05
ograwell, snaps do support xdg portals ... with that you can access anything on the filesystem the user has read access to 17:06
ograbut it requires the app developer to implemet it 17:06
* cachio_ afk17:06
ogranot all apps have that 17:06
dob1can I read more about the checks on the apps?17:08
dob1do you have some link?17:08
ograhttps://code.launchpad.net/review-tools should have some of it 17:08
ograthey are also packaged as a snap 😉17:09
ograso you can "snap install review-tools" and run them at home17:09
dob1to be honest this is the part that worried me most17:09
ograto check a snap before uploading17:09
ograthere is also a CVE checker builtin to check for known security vulnerabilities ... in case you want to check other peoples snaps yu have installed17:10
dob1ogra, where is is?17:10
ograi just gave you the link above 🙂17:10
ogra(or the command to install the binary)17:11
dob1I take a look, thanks17:11
RzRI think there is at least 2 roles regardings such policies17:12
RzRwhat developer wants17:12
RzRand what user is ready to give17:12
ograwell, my mom doesnt care ... 17:12
RzRi care of my mom :)17:13
ograshe just wants to use the SW ... and wants to be safe .... i.e. not have her gmail passwords stolen by an mp3 player app17:13
RzRan other option would be to have pre-defined settings approved by some trusty org like EFF17:14
ograand TBH the majority of ubuntu users is on a technical level of my mom17:14
ograuh, what has the EFF to do with packaging software ?17:14
RzRmaybe not EFF itself17:15
RzRbut they can approve that some policies are trustworthy or not17:16
RzRthis mean policies should be in other channels17:16
ograso can the ubuntu security team 17:16
RzRlike adblockers's black/white lists for the web17:16
RzRsorry if i am unclear17:16
RzRbut I would be eager to apply to my systems some rules that will restrict the applications I use17:17
ograyou need to be deeply into the implementation to understand implications of what an interface does or doesnt allow 17:17
RzRinstead of writing then myself17:17
ograi dont think comparing it to URL list of adblockers is a good analogy17:17
RzRyour MP3 player is a good example17:17
RzRwhat is reasonable and what is not17:18
ograwell, the philosophy of snap security is "less is more" ... meanings to be as locked down as pssible .... and then open peice by piece17:18
RzRbut it's clear for me that it can't be done only by one entity 17:18
RzRgood philosophy17:19
RzRwell there are several problem here17:19
ograso as requirements come in, interfaces are added and extended17:19
ograbut effectively the decision should lie at the user17:19
RzRbut I wish a system that can be hardened user's side17:19
ograit can 17:20
RzRgood17:20
ograyou can always disconnect interfaces17:20
RzRthis is valuable feature17:20
pedronisijohnson[m]: I reviewed https://github.com/snapcore/snapd/pull/1034717:55
=== not_phunyguy is now known as phunyguy
=== jdstrand_ is now known as jdstrand
mwhudsondoes anyone have any idea why my snap build is failing with23:47
mwhudson/root/parts/subiquity/install/usr/bin/python3: No module named pip23:48
mwhudsonand after snapcraft clean, multipass is complaining about the "snacraft remote" not working?23:55
mwhudsonoh ssl errors in the logs grunk23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!